Black Duck CEO: Why We Got In The Security Business

Black Duck Software started in the open source license compliance and governance space years ago, but the company made a big pivot to security solutions over the last couple of years. Black Duck CEO Lou Shipley told CRNtv that move came from customer demand.

“Increasingly we were seeing big users of open source that were building applications internally,” said Shipley. “So for example, a bank like JP Morgan, they have 6,000 applications, 18,000 developers, they knew they were using a lot of it but they didn’t know if there was any open source vulnerabilities within the code.”

Shipley joined Black Duck three years ago and immediately heard from customers that they needed someone to focus on the security piece of open source.

That doesn’t mean Black Duck’s compliance and governance business is dead – far from it – but the company now offers a full portfolio of products for open source application security and Docker container security.

The product collection provides an opportunity for solution providers to earn recurring revenues from security offerings.